Analysis

  • max time kernel
    177s
  • max time network
    190s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    18-06-2024 11:15

General

  • Target

    muzhiwanapp.apk

  • Size

    6.8MB

  • MD5

    25a12b3e3d69b621f16d6809d57e37ee

  • SHA1

    7c3026ac9bef20aa6c274a0ae0b2894ed27a39c6

  • SHA256

    63a4443e53422abf80dffa60c088c72921a4d839d4070613427d9165909ea7e6

  • SHA512

    d04d3fd4fa2d0911f1831b29c5b3031cd45349f8b916a1400a1789751c341272edcdb37b20ba468f759962f1aa7da174a58ced8cfaab1ccefa27dba19b445b47

  • SSDEEP

    196608:udfDsgl7Fo3HcMg5+knzUsd3wIm1vM4MY2oNs:eAKm3lO+kz7dg3oGs

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 3 IoCs)

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device (1 TTP, 3 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 2 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.muzhiwan.market
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4279
  • com.muzhiwan.market:mult
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4313
    • cat /sys/class/net/wlan0/address (reads the Wi-Fi adapter's hardware MAC address from sysfs)
      2⤵
      PID:4490
    • cat /sys/class/net/wlan0/address
      2⤵
      PID:4534
  • com.muzhiwan.market:mzwlogservice
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    PID:4368
    • sh
      2⤵
      • Checks if the Android device is rooted.
      PID:4506
    • su
      2⤵
      PID:4547
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=47 --oat-fd=50 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4592
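The process tree above is where the three behaviours that matter in this run become visible: an app process spawning `su` (the root check), `cat` of `/sys/class/net/wlan0/address` (hardware MAC collection, which lines up with the `.systemmac` file written to external storage), and `dex2oat` being run on `mzw.apk` inside the app's private data directory rather than on an installed package under `/data/app` (the "Loads dropped Dex/Jar" signature; `mzw.apk` is also the dropped file listed below). The following script is an added example, not part of the sandbox report or the app, that turns those observations into a small rule set run over process records. The records are constructed from the tree above (PIDs as listed there, parent links following the tree depth; the dex2oat command line is abbreviated to the arguments the rules inspect). The `Proc`/`Finding` types, the regexes and the indicator names are this example's own choices.

```python
"""Indicator extraction over an Android sandbox process tree.

Added example, not part of the sandbox report: the records below are
constructed from the process tree in the report (PIDs as listed there;
parent links follow the tree depth) and the rules map the behaviours
that matter most in this run onto the command lines that produce them.
"""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the top-level app processes
    cmdline: str


@dataclass(frozen=True)
class Finding:
    pid: int
    indicator: str
    detail: str


# App-private storage: code compiled from here was written by the app itself,
# not installed by the package manager (installed APKs live under /data/app).
APP_PRIVATE_DIR = re.compile(r"^/data/(?:data|user/\d+)/([A-Za-z0-9_.]+)/")
# sysfs node that exposes a network interface's hardware (MAC) address.
SYSFS_MAC = re.compile(r"^/sys/class/net/([A-Za-z0-9_.-]+)/address$")

# Constructed sample: the dex2oat line is abbreviated to the arguments the
# rules look at; the real one in the report is longer.
SAMPLE: List[Proc] = [
    Proc(4279, None, "com.muzhiwan.market"),
    Proc(4313, None, "com.muzhiwan.market:mult"),
    Proc(4490, 4313, "cat /sys/class/net/wlan0/address"),
    Proc(4534, 4313, "cat /sys/class/net/wlan0/address"),
    Proc(4368, None, "com.muzhiwan.market:mzwlogservice"),
    Proc(4506, 4368, "sh"),
    Proc(4547, 4368, "su"),
    Proc(4592, 4368,
         "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
         "--dex-file=/data/data/com.muzhiwan.market/data/mzw.apk "
         "--output-vdex-fd=47 --oat-fd=50 "
         "--oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex "
         "--compiler-filter=quicken"),
]


def _long_opts(argv: List[str]) -> dict:
    """Collect --key=value options; bare flags such as --runtime-arg are ignored."""
    opts = {}
    for a in argv[1:]:
        if a.startswith("--") and "=" in a:
            k, v = a[2:].split("=", 1)
            opts[k] = v
    return opts


def analyze(procs: List[Proc]) -> List[Finding]:
    findings: List[Finding] = []
    for p in procs:
        argv = shlex.split(p.cmdline)
        if not argv:
            continue
        exe = argv[0].rsplit("/", 1)[-1]
        if exe == "su":
            # An app process spawning su is a root probe at minimum, and an
            # escalation attempt if the binary exists and grants access.
            findings.append(Finding(p.pid, "root-check",
                                    f"spawned su from parent pid {p.ppid}"))
        elif exe == "cat":
            for arg in argv[1:]:
                m = SYSFS_MAC.match(arg)
                if m:
                    findings.append(Finding(p.pid, "mac-collection",
                                            f"read MAC of {m.group(1)} from sysfs"))
        elif exe == "dex2oat":
            opts = _long_opts(argv)
            dex = opts.get("dex-file", "")
            m = APP_PRIVATE_DIR.match(dex)
            if m:
                # dex2oat on a file in app-private storage means the app handed
                # a dropped DEX/APK to a class loader (DexClassLoader and friends).
                findings.append(Finding(p.pid, "dropped-dex-load",
                                        f"{dex} (private data of {m.group(1)}) "
                                        f"-> {opts.get('oat-location', '?')}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"pid {f.pid:<5} {f.indicator:<17} {f.detail}")
```

Run against the constructed records the script yields four findings: two MAC reads from the `:mult` process, the `su` spawn from the `:mzwlogservice` process, and the dex2oat compile of the dropped `mzw.apk`. The `sh` child that the report credits with the root check produces nothing here because the report does not show what that shell ran; the rules only fire on what is visible in the command lines.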

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.muzhiwan.market/data/mzw.apk
    Filesize 17KB
    MD5 d1a020921eff5f91e5900a64bc558eeb
    SHA1 f03fec1fb79a3b528aced885a8e95fb0a7eb01ef
    SHA256 de8599fe345c0cf878b2887a98d921051edd36de036b5c1d8595a2c8f3738aa6
    SHA512 17f62c1182f869511ef89424cbc51140eddfb0e84a8999a5a4da94a6d398ccd92839a2d8a2705b976ecb59efbac90ede5122d3de8470dfbb75ce606a263b8d4e

  • /data/data/com.muzhiwan.market/data/mzw.apk
    Filesize 17KB
    MD5 e65188742e10046597a4c648d045699b
    SHA1 37b2f1e3e89d3b0d8683737ccae2ee725e82a312
    SHA256 d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b
    SHA512 3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

  • /data/data/com.muzhiwan.market/databases/notes-db
    Filesize 4KB
    MD5 f2b4b0190b9f384ca885f0c8c9b14700
    SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.muzhiwan.market/databases/notes-db-journal
    Filesize 512B
    MD5 82a120fc921cf578bfa578583c693328
    SHA1 45a600b1fc03633f0576f63168f20cd2c4c50be9
    SHA256 93a30e271b18a94a80a719f387d59cebd95f7d85f40de3354c1fef918a4f03be
    SHA512 d11f47f3bfc79e79f31e83b2cb4050649053cdfdd5b320d1db8a666412714ec88d1094c19cc33970e39f032de9accbc62c32e8626ede6c8320a2c227195ac8e9

  • /data/data/com.muzhiwan.market/databases/notes-db-shm
    Filesize 42KB
    MD5 43cabe6ff77bbdd04224e0cd9e776f8e
    SHA1 c45f26220707f42a3a02d3915f82e775bdad9352
    SHA256 bdd2cf9b9e5dcc988da4210c7af4e11e158b35394135ece9d6b587ff34079148
    SHA512 18decf6885c9191a3d141b470c6e8d5176ea8fa2388f5a11641a9dee3bdb4a6e11ffc41be2d305ff074def103451f5945bfa02c342899c7bf02dcc6f36744edc

  • /data/data/com.muzhiwan.market/databases/notes-db-wal
    Filesize 32KB
    MD5 45b0d79905435eff9ae7e222eacd4df9
    SHA1 0917a7f97468cbad88cd3588432e9bdd3d01c5aa
    SHA256 4181ba18a36736c6fc74aba3a7c850f06d09bf159caa802e629bf7c963ea6898
    SHA512 19778e4ad92f786490e1ae37f3c9dc9de6ad4351e39685ef0f55cf16ebac1583973081df6315a0794fce7f6b11603e92f81f5b77189960bad7d393687696058d

  • /data/data/com.muzhiwan.market/files/install_file_dir
    Filesize 5KB
    MD5 2d3a579b824de834fa63e4d5d17a5ad1
    SHA1 cb210fa3d48f5325acd4106c13cd61e820c65ec5
    SHA256 157a7c528ce710578c6f8945d4cadd7b6192ed62fa203afcfdaeb2ed5f03b8b5
    SHA512 47cca74ab0daf6e35893702979fac4ef8b5d1abb7ca4e6f99aee45d19676091d420294665374eaf0b21cd60b19e0b47025c6f96b48fe368a9c1f288c79d0ec96

  • /data/data/com.muzhiwan.market/files/install_file_dir-shm
    Filesize 32KB
    MD5 bb7df04e1b0a2570657527a7e108ae23
    SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.muzhiwan.market/files/install_file_dir-wal
    Filesize 3KB
    MD5 a8a6a538716c8e4c3b9f3b3da9484250
    SHA1 5ae91a582bf57d2799bef22a840d66d56dc14aae
    SHA256 bc08c266ba5ccd327b57532b4bb628a2b8cff1de9865e24a618203eb2b1561c0
    SHA512 64f96041e94ea1aa7402dc2d9166eb1043a59237e76a1b409b42517a0902f82486be4314969628415ede51dac3408c6814640c818eaa8c5bf1732913d55520ba

  • /data/data/com.muzhiwan.market/files/install_file_dir-wal
    Filesize 32KB
    MD5 becf5b86bc3fb33f391eea78ccdee800
    SHA1 7013413c171a1823cd8beb762c32469343afb13a
    SHA256 740a40e33af0ce47c68e3694d2774b6825933d731a70af085cf7591c27d91ab3
    SHA512 87390e136780723980550fd1e4aa92eaa2702a39e0512ed6998902997318ee22fc7f383e07d1af5ef219075a2877f9aa67335f848bd9959553e844fe74fd9fb4

  • /storage/emulated/0/data/.push_deviceid
    Filesize 32B
    MD5 c303ee8b8b2532e2c59ae7c3ca19ff3d
    SHA1 a3d8bfd1ed8065ee54d440e75cdcd7562ce90602
    SHA256 7cda56893b89cc7b67246e245cab672c5e31775ef85116deb00afb5c6386e60f
    SHA512 0c4f02ff50bb19f95abcd7e8fb8f3548d2d6112d0d0610d2d497291545b71f5ff06e433cd52c667b0a1b67024b86b6cbb619e0735e811bee727ae4362aabb983

  • /storage/emulated/0/data/.systemid
    Filesize 4KB
    MD5 eb4279af0d2d8d99b32a4f8453bf7097
    SHA1 2d65ebd5bf280a954cb86d3cc5cebadbac954c96
    SHA256 96be0e9f0f921141fe061b972d1c1637d4b8d1521316a72a646069c0cd642225
    SHA512 888c59462e7fea3b8c8529f4c649619140d3a1bbc801abeae92c916ee4eb8470f91d588e5d3e0f2c7033066ef7d061f39345a60e766fced9e42c643f9d04c808

  • /storage/emulated/0/data/.systemmac
    Filesize 42KB
    MD5 7bc525aa5cfd71cd4d2ad570fd72a906
    SHA1 b411e1b345b5e9e4a0e4f603b46277278981e921
    SHA256 14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00
    SHA512 5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f